Rotate AWS Secrets Manager secrets

Rotation is the process of periodically updating a secret. When you rotate a secret, you update the credentials in both the secret and the database or service. In Secrets Manager, you can set up automatic rotation for your secrets. Applications that retrieve the secret from Secrets Manager automatically get the new credentials after rotation.

To turn on automatic rotation, you need administrator permissions. See Secrets Manager administrator permissions.

Topics

Rotation strategies
Automatically rotate an Amazon RDS, Amazon DocumentDB, or Amazon Redshift secret
Automatically rotate a secret
Schedule expressions in Secrets Manager rotation
Rotate a secret immediately
How rotation works
Network access for the rotation function
Permissions for rotation
Customize a Lambda rotation function for Secrets Manager
Secrets Manager rotation function templates
Troubleshoot AWS Secrets Manager rotation of secrets

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Parameter Store

Rotation strategies